AAPL Stock: 524.94 ( 0 )

Printed from

Safari 5.0.1, 4.1.1 security fixes include AutoFill patch

updated 11:45 am EDT, Wed July 28, 2010

Closes major security hole

The Safari 5.0.1 update -- and the corresponding v4.1.1 update for Tiger -- finally fix a serious AutoFill vulnerability, an Apple security note reveals. Using a carefully-crafted site and JavaScript, vulnerable versions of Safari can be tricked into entering and sending personal information without consent. Knowledge of the threat has allegedly been in the public domain for about a year, but until now not dealt with by Apple.

The upgrades also solve a problem with RSS feeds, which could be used to trigger uploads to a remote server. All other security improvements are directed at the WebKit engine, which could potentially be exploited through holes in handling of JavaScript, expressions, SVG files, CSS counters and other elements.

The Safari 4.1.1 update applies only to Mac OS X 10.4.11, and is a 29.53MB download.

by MacNN Staff





  1. testudo

    Joined: Dec 1969


    I wonder

    Gee, do you think this autofill issue was fixed because the guy made it public, or it took them this long to actually address the issue (which has actually been around for a while in various forms)?

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines


Most Popular

MacNN Sponsor

Recent Reviews

PenClic Bluetooth mouse

Windows 8 aside, computer users have been trained that a mouse is the proper way to navigate through the desktop for years. Trackballs ...

Booqpad for iPad Air

Before we get rolling, I'll confess: I've never understood the purpose of cases like the Booqpad. If you've got a tablet, surely p ...

Linksys EA6900 AC Router

As 802.11ac networking begins to makes its way into more and more devices, you may find yourself considering an upgrade for your home ...


Most Commented